[openwrt/openwrt] dnsmasq: add config option for connmark DNS filtering

LEDE Commits lede-commits at lists.infradead.org
Tue Sep 14 11:56:25 PDT 2021


dedeckeh pushed a commit to openwrt/openwrt.git, branch master:
https://git.openwrt.org/02a2b44eabf607fb5405ff0d7da4ad0748d3e1b1

commit 02a2b44eabf607fb5405ff0d7da4ad0748d3e1b1
Author: Etan Kissling <etan.kissling at gmail.com>
AuthorDate: Thu Sep 9 05:43:31 2021 +0000

    dnsmasq: add config option for connmark DNS filtering
    
    This adds uci support to configure connmark based DNS filtering.
    
    Signed-off-by: Etan Kissling <etan_kissling at apple.com>
    (imported from upstream mailing list
    https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2021q2/015151.html)
    Signed-off-by: Etan Kissling <etan.kissling at gmail.com>
---
 package/network/services/dnsmasq/files/dnsmasq.init | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/package/network/services/dnsmasq/files/dnsmasq.init b/package/network/services/dnsmasq/files/dnsmasq.init
index 205bfb4cf6..9748c09b8e 100644
--- a/package/network/services/dnsmasq/files/dnsmasq.init
+++ b/package/network/services/dnsmasq/files/dnsmasq.init
@@ -173,6 +173,10 @@ append_ipset() {
 	xappend "--ipset=$1"
 }
 
+append_connmark_allowlist() {
+	xappend "--connmark-allowlist=$1"
+}
+
 append_interface() {
 	network_get_device ifname "$1" || ifname="$1"
 	xappend "--interface=$ifname"
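Review bot: The new `append_connmark_allowlist` passes each uci list entry to dnsmasq unchanged, and nothing in the script says what an entry must look like. A one-line comment above the function would help whoever edits the config later, for example `# $1: <connmark>[/<mask>][,<pattern>[/<pattern>...]] as accepted by dnsmasq --connmark-allowlist`. It is also worth noting there that, per the dnsmasq documentation, a mark with no allowlist entry has all of its queries refused once filtering is enabled, so a mistyped mark blocks DNS for that class of traffic rather than allowing it.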
@@ -938,6 +942,14 @@ dnsmasq_start()
 	config_list_foreach "$cfg" "rev_server" append_rev_server
 	config_list_foreach "$cfg" "address" append_address
 	config_list_foreach "$cfg" "ipset" append_ipset
+
+	local connmark_allowlist_enable
+	config_get connmark_allowlist_enable "$cfg" connmark_allowlist_enable 0
+	[ "$connmark_allowlist_enable" -gt 0 ] && {
+		append_parm "$cfg" "connmark_allowlist_enable" "--connmark-allowlist-enable"
+		config_list_foreach "$cfg" "connmark_allowlist" append_connmark_allowlist
+	}
+
 	[ -n "$BOOT" ] || {
 		config_list_foreach "$cfg" "interface" append_interface
 		config_list_foreach "$cfg" "notinterface" append_notinterface
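Review bot: The guard `[ "$connmark_allowlist_enable" -gt 0 ]` fails open, because a value that the shell's `test` does not accept as a decimal integer makes the comparison error out and the whole block is skipped, so dnsmasq starts without connmark filtering and nothing is logged. The same option is then handed to `append_parm` as the argument of `--connmark-allowlist-enable`, which dnsmasq documents as an optional mask, so a hex-style mask is a plausible thing for an administrator to enter. `append_parm` is defined outside this hunk, so its exact handling should be confirmed. Since this option controls a filtering feature, I would check the value before the test and make the failure visible, e.g. `case "$connmark_allowlist_enable" in ''|*[!0-9]*) logger -t dnsmasq "connmark_allowlist_enable is not a decimal integer, filtering NOT enabled";; esac`, and add a comment stating that the option doubles as the mask. `dnsmasq_start` begins and ends outside the hunk.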


